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CLAIMS 



1. A method for generating an identification value for identifying an electronic message in a 
Message Authentication Code (MAC) function by application of at least one first hash function 
with fixed compression that compresses n blocks of data into a number of blocks which is 
smaller than n or into one single block, the hash function being repetitively applied in a tree- 

15 structure compression of the message, so that the message is being compressed in a 
plurality of tree-structure levels, each level receiving mi input blocks for compression, 
subscript i denoting a current level in the tree structure, whereby intermediate resulting 
numbers are produced, wherein said at least one first hash function additionally receives at 
least one cryptographic key as an Input, and wherein different cryptographic keys are used in 

20 different levels of the tree structure, the method comprising processing an output of the tree- 
structure compression further to obtain said identification value, 
ch a r-3 c ter j z e d in that 

- a residual data block is passed without compression from the current level to another, 
subsequent level in case n does not divide the number of input blocks mi for said current 

25 level 1, and in that 

- data which represent a length L of the message are concatenated to the output to obtain a 
concatenated output, and/or to at least one of the intermediate resulting numbers. 

2. A method according to claim 1, further comprising the step of inserting a set of predefined 
30 data at a predetermined position in the message, e.g. by appending the set of predefined 

data to the message, so that the length of the message with the appended set of data 
becomes a multiple of the length of the blocks. 

3. A method according to claim 1 or 2, wherein the tree-structure compression is performed 
35 until the number of blocks is less than n. 

4. A method according to claim 3, wherein said length L represents the iength of the message 
without said appended set of data. 

5. A method according to claim 4, wherein a hash function is applied to the concatenated 
40 output to obtain a compressed concatenated output, said hash function being one of: 

- the at least one first hash function; and 

- a second hash function. 
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6. A method according to any of the preceding claims, further comprising applying a further 
hash function to at least one of: 

- said output, 

5 - a further set of data derived from said output, 

- said concatenated output, and 

- said compressed concatenated output. 

7. A method according to any of the preceding claims, further comprising applying a 

10 cryptographic function to said output or to a further set of data derived from said output. 

8. A method according to claim 6 or 7, wherein at least one of: 

- said second hash function; and ' 
• said further hash function 

15 makes use of at least one cryptographic key. 



9. A method according to claim 8, wherein different cryptographic keys are used in one level 
of the tree structure. 



20 

10. A method according to claim 8, wherein the same cryptographic key is used in a single 
level of the tree structure. 

11, A method according to any of the preceding claims, wherein at least one of: 
25 - said first hash function; 

- said second hash function; and 

- said further hash function 
is a universal hash function. 



r 

12. A method according to any of the preceding claims, wherein at least one of: 

- said at least one first hash function; 

- said second hash function; and 

- said further hash function 

comprises at least two different hash functions. 

13. A method according to claim 12, wherein the at least two different hash functions 
compress different numbers n of blocks. ' 



14. A method according to claim 12 or 13, wherein at least one of the at least two different 
40 hash functions compresses a variable number n of blocks. 

15. A method according to any of claims 12-14, wherein the different hash functions use 
different cryptographic keys. 
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16. A method according to any of claims 8-15, comprising performing a plurality of tree- 
structure compressions of the message to obtain a plurality of results, and concatenating the 
plurality of results into a concatenated result. 

17. A method according to claim 16, wherein different cryptographic keys are applied in the 
plurality of tree-structure compressions. 

18. A method according to claim 16, wherein partly identical cryptographic keys are applied 
in the plurality of tree-structure compressions. 

19. A computer system comprising a memory and a processor, the processor being 
programmed to carry out the method of any of claims 1-18. 

20. A computer program product comprising means for performing the method of any of 
claims 1-18. 

21. A method for generating an identification value for identifying an electronic message in a 
Message Authentication Code (MAC) function by application of at least one first hash function 
with fixed compression that compresses n blocks of data into a number of blocks which is 
smaller than n or into one single block, the hash function being repetitively applied in a tree- 
structure compression of the message, so that the message is being compressed in a 
plurality of tree-structure levels, each level receiving mi input blocks for compression, 
subscript i denoting a current level in the tree structure^ wherein said at least one first hash 
function additionally receives at least one cryptographic key as an input, and wherein 
different cryptographic keys are used in different levels of the tree structure, the method 
comprising processing an output of the tree-structure compression further to obtain said 
identification value, 

characterized in that 

the method comprises determining whether or not n divides the number of input blocks mi for 
said current level i; and 

if n does divide m,: applying said at least one first hash function m/n times; 

if n does not divide mil 

applying said at least one first hash function at most m^n times, whereby at least one 

residual data block is left unprocessed by the first hash function; and 

processing said at least one unprocessed data block by means of an auxiliary hash 

function which, in one single hash operation, compresses the at least one 

unprocessed data block into one single block, the auxfliary hash function having a 

compression rate, which is different from the compression rate of said first hash 

function. 

22. A method according to claim 2i, further comprising the step of inserting a set of 
predefined data at a predetermined position in the message, e.g. by appending the set of 
predefined data to the message, so that the length of the message with the appended set of 
data becomes a multiple of the length of the blocks. 
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23. A method according to claim 21 or 22, wherein the tree-structure compression is 
performed until the number of blocks is less than n. 

24. A method according to claim 23, further comprising the step of concatenating the output 
with data which represent a length L of the message to obtain a concatenated output, the 
length L representing the length of the message without said appended set of data. 

25. A method according to claim 24, wherein a hash function is applied to the concatenated 
output to obtain a compressed concatenated output, said hash function being one of : 

- the at least one first hash function; and 

- a second hash function. 



26. A method according to any of claims 21-25, further comprising applying a further hash 
function to at least one of: 
15 - said output, 

- a further set of data derived from said output, 

- said concatenated output, and 

- said compressed concatenated output. 
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27. A method according to any of claims 21-26, further comprising applying a cryptographic 
function to said output or to a further set of data derived from said output. 

28. A method according to any of claims 21-27, wherein at least one of: 

- said at least one first hash function; 

- said second hash function; and 

- said further hash function 
makes use of at least one cryptographic key. 
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29. A method according to claim 28, wherein different cryptographic keys are used in one 
level of the tree structure. 



30. A method according to claim 28, wherein the same cryptographic key is used in a single 
level of the tree structure. 

35 31. A method according to any of claims 21-30, wherein at least one of: 

- said first hash function; 

- said second hash function; and 

- said further hash function 
is a universal hash function. 

40 

32. A method according to any of claims 21-31, wherein at least one of: 

- said at least one first hash function; 

- said second, hash function; and 

- said further hash function 

45 comprises at least two different hash functions. 
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33. A method according to claim 32, wherein the at least two different hash functions 
compress different numbers n of blocks. 

34. A method according to claim 32 or 33/ wherein at least one of the at least two different 
hash functions compresses a variable number n of blocks. 

35. A method according to any of claims 32-34, wherein the different hash functions use 
different cryptographic keys. 

36. A method according to any of claims 28-35, comprising performing a plurality of tree- 
structure compressions of the message to obtain a plurality of results, and concatenating the 
plurality of results into a concatenated result. ' 

37. A method according to claim 36, wherein different cryptographic keys are applied in the 
plurality of tree-structure compressions. 

38. A method according to claim 36, wherein partly identical cryptographic keys are applied 
in the plurality of tree-structure compressions. 

*.".«■.• «... 
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39. A computer system comprising a memory and a processor, the processor being 
programmed to carry out the method of any of claims 21-38. 

40. A computer program product comprising means for performing the method of any of 
claims 21-38, 

41. A method for generating an identification value for identifying an electronic message, the 
method comprising the steps of: 

- processing at least one block of a set of data derived from the message into a resulting 
number by means of a delta-universal hash function ; and 

- computing a sum of the resulting number and a further block of data derived from the 
message to obtain a modified resulting number; 

- using the modified resulting number further to obtain said identification value. 

42. A method according to claim 41, wherein the hash function operates on a single block of 
data only. 

43. A method according to claim 41 or 42, wherein the delta-universal hash function is 
repetitively appiied in a tree-structure compression of the message, so that the message is 
being compressed in a plurality of tree-structure levels, each tree-structure receiving m, input 
blocks for compression, the delta-universal hash function and the subsequent step of adding 
performing a compression of n data blocks into one single data biock. 
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44. A method according to claim 43, wherein a residual data block is passed without 
processing thereof from a current level to another subsequent level in case n does not divide 
the number of input blocks m, for said current level i. 

5 45. A method according to any of claims 41-44, wherein the modified resulting number is 
determined by the function: 

(nrij+k mod 2 32 HLSR(m 1 ,32)+LSR(k,32) mod 2 32 )+m 2 mod 2 M , 

where m t and m 2 denote two of said blocks of data, LSR(x,y) denotes a logical-shift-right by 
y bits of input x, and k denotes a cryptographic key, whereby m 2/ m 2 and k are represented 
10 as 64 bit unsigned integers. 

46. A computer system comprising a memory and a processor, the processor being 

_ • - 

programmed to carry out the method of any of claims 41-45. 

15 47. A computer program product comprising means for performing the method of any of 
claims 41-45. 
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